250 matches found
Security Camera Firm Arlo Zaps High-Severity Bugs
Two high-severity vulnerabilities in Arlo Technologies’ wireless home security camera gear have been patched. The flaws, which indirectly impact Arlo’s popular fleet of wireless home security cameras, are limited to adversaries with local network and physical access to Arlo Base Stations. Both...
Design/Logic Flaw
A vulnerability in the web-based management interface of Cisco Integrated Management Controller IMC could allow an unauthenticated, remote attacker to access potentially sensitive system usage information. The vulnerability is due to a lack of proper data protection mechanisms. An attacker could...
CVE-2019-1874
CVE-2019-1874 affects Cisco Prime Service Catalog and is a CSRF vulnerability in the web-based management interface caused by insufficient CSRF protection. An unauthenticated, remote attacker could lure a user to a malicious link and perform arbitrary actions with the privileges of the affected u...
Cisco Integrated Management Controller Information Disclosure Vulnerability
A vulnerability in the web-based management interface of Cisco Integrated Management Controller IMC could allow an unauthenticated, remote attacker to access potentially sensitive system usage information. The vulnerability is due to a lack of proper data protection mechanisms. An attacker could...
Information disclosure
NVIDIA Vibrante Linux version 1.1, 2.0, and 2.2 contains a vulnerability in the user space driver in which protection mechanisms are insufficient, may lead to denial of service or information disclosure...
MGASA-2019-0175 Updated libxslt packages fix security vulnerability
libxslt through 1.1.33 allows bypass of a protection mechanism because callers of xsltCheckRead and xsltCheckWrite permit access even upon receiving a -1 error code. xsltCheckRead can return -1 for a crafted URL that is not actually invalid and is subsequently loaded CVE-2019-11068...
EulerOS Virtualization for ARM 64 3.0.1.0 : kernel (EulerOS-SA-2019-1521)
According to the versions of the kernel packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - The NFSv2 and NFSv3 server implementations in the Linux kernel through 4.10.13 lacked certain checks for the end of a...
EulerOS Virtualization 2.5.3 : python (EulerOS-SA-2019-1359)
According to the version of the python packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability : - urllib in Python 2.x through 2.7.16 supports the localfile: scheme, which makes it easier for remote attackers to bypass protection...
CVE-2019-9948
urllib in Python 2.x through 2.7.16 supports the localfile: scheme, which makes it easier for remote attackers to bypass protection mechanisms that blacklist file: URIs, as demonstrated by triggering a urllib.urlopen'localfile:///etc/passwd' call...
PSF-2019-12 urllib module local_file:// scheme
urllib in Python 2.x through 2.7.16 supports the localfile: scheme, which makes it easier for remote attackers to bypass protection mechanisms that blacklist file: URIs, as demonstrated by triggering a urllib.urlopen'localfile:///etc/passwd' call...
CVE-2019-9948
CVE-2019-9948 involves urllib in Python 2.x (up to 2.7.16) and urllib in Python 3.x up to 3.7.4, where the local_file: scheme can bypass blacklist protections, enabling remote attackers to trigger local_file:///… URIs (e.g., /etc/passwd) and bypass URL-filtering. Public advisories from Debian, Re...
Design/Logic Flaw
securityScan in PHPOffice PhpSpreadsheet through 1.5.0 allows a bypass of protection mechanisms for XXE via UTF-7 encoding in a .xlsx file...
CVE-2018-19277
securityScan in PHPOffice PhpSpreadsheet through 1.5.0 allows a bypass of protection mechanisms for XXE via UTF-7 encoding in a .xlsx file...
GLSA-201810-01 : Mozilla Firefox: Multiple vulnerabilities
The remote host is affected by the vulnerability described in GLSA-201810-01 Mozilla Firefox: Multiple vulnerabilities Multiple vulnerabilities have been discovered in Mozilla Firefox. Please review the referenced CVE identifiers for details. Impact : A remote attacker could entice a user to view...
Lucy Gang Debuts with Unusual Android MaaS Package
There’s a fresh bloom in the malware-as-a-service garden: Researchers have uncovered a new Russian-speaking threat actor hawking a proprietary cyber-weapon dubbed “Black Rose Lucy.” The offering is a malware-as-a-service MaaS bundle with two parts, consisting of a controlling web interface which...
CVE-2018-16546
Amcrest networked devices use the same hardcoded SSL private key across different customers' installations, which allows remote attackers to defeat cryptographic protection mechanisms by leveraging knowledge of this key from another installation, as demonstrated by...
CVE-2018-16546
Amcrest networked devices use the same hardcoded SSL private key across different customers' installations, which allows remote attackers to defeat cryptographic protection mechanisms by leveraging knowledge of this key from another installation, as demonstrated by...
CVE-2018-10631
The 8840 Clinician Programmer executes the application program from the 8870 Application Card. An attacker with physical access to an 8870 Application Card and sufficient technical capability can modify the contents of this card, including the binary executables. If modified to bypass protection...
CVE-2018-10631 Medtronic N'Vision Clinician Programmer Protection Mechanism Failure
The 8840 Clinician Programmer executes the application program from the 8870 Application Card. An attacker with physical access to an 8870 Application Card and sufficient technical capability can modify the contents of this card, including the binary executables. If modified to bypass protection...
CVE-2018-10631 Medtronic N'Vision Clinician Programmer Protection Mechanism Failure
The 8840 Clinician Programmer executes the application program from the 8870 Application Card. An attacker with physical access to an 8870 Application Card and sufficient technical capability can modify the contents of this card, including the binary executables. If modified to bypass protection...